Forum Discussion
Azure AD Connect on Azure VM with DC role
- Aug 03, 2017
Hi John,
Is your DC a Global Catalog?
The best architecture to achieve your goal is to have a DC separate from AD Connect. Please refer to these architectures that describe the scenarios: https://technet.microsoft.com/en-us/library/mt613459.aspx
- Anonymous, Aug 03, 2017
Yes, two sites and two DCs; both DCs are Global Catalogs.
Best practice is to separate the roles, but we lack resources, so we combined them on one VM.
I have tested that it is able to run on the DC role, although it is not recommended practice.
Is there data loss between Azure AAD and the on-premises DC over the Site-to-Site VPN, so that AAD can't pull the on-premises DC password change request immediately?
- Aug 03, 2017
Hi John,
Does your network on Azure point to DNS servers on Azure?
Can you check in a cmd prompt, with "set", whether the logon server is one of the Azure ones?
Do you have Sites and Services on AD correctly configured with the network on Azure?
Verify the synchronization and schedule times between AD sites.
When you change a password on-premises, the user's change goes to the closest DC, then AD Connect detects that and pulls from it to Azure AD.
- Anonymous, Aug 03, 2017
Hi Nuno,
Does your network on Azure point to DNS servers on Azure? Primary DNS points to the on-premises DC.
Can you check in a cmd prompt, with "set", whether the logon server is one of the Azure ones? The result of echo %logonserver% is the Azure DC server.
Do you have Sites and Services on AD correctly configured with the network on Azure? Yes, there are two different site subnets.
Verify the synchronization and schedule times between AD sites. They replicate every 15 minutes.